EC-CUBE · okazy · Aug 24, 2021 · Aug 16, 2021 · Aug 16, 2021 · Aug 19, 2021
diff --git a/.github/workflows/deny-test.yml b/.github/workflows/deny-test.yml
@@ -0,0 +1,132 @@
+name: Deny check for EC-CUBE
+on:
+  push:
+    branches:
+      - '*'
+    tags:
+      - '*'
+    paths:
+      - '**'
+      - '!*.md'
+  pull_request:
+    paths:
+      - '**'
+      - '!*.md'
+jobs:
+  deploy:
+    name: Deny check
+    runs-on: ubuntu-18.04
+    services:
+      postgres:
+        image: postgres:11
+        env:
+          POSTGRES_USER: postgres
+          POSTGRES_PASSWORD: password
+        ports:
+          - 5432:5432
+        # needed because the postgres container does not provide a healthcheck
+        options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
+    steps:
+      - name: Checkout
+        uses: actions/checkout@master
+
+      - name: Setup PHP
+        uses: nanasess/setup-php@master
+        with:
+          php-version: '7.3'
+
+      - name: Get Composer Cache Directory
+        id: composer-cache
+        run: |
+          echo "::set-output name=dir::$(composer config cache-files-dir)"
+      - uses: actions/cache@v1
+        with:
+          path: ${{ steps.composer-cache.outputs.dir }}
+          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-composer-
+
+      - name: Install to Composer
+        run: composer install --no-scripts --no-dev --no-interaction --optimize-autoloader
+
+      - name: Translate to templates
+        run: php bin/template_jp.php
+
+      - name: Setup to EC-CUBE
+        env:
+          APP_ENV: 'prod'
+          DATABASE_URL: postgres://postgres:password@127.0.0.1:5432/eccube_db
+          DATABASE_SERVER_VERSION: 11
+        run: |
+          rm -rf $GITHUB_WORKSPACE/app/Plugin/*
+          echo "APP_ENV=${APP_ENV}" > .env
+          bin/console doctrine:database:create --env=dev
+          bin/console doctrine:schema:create --env=dev
+          bin/console eccube:fixtures:load --env=dev
+
+      - name: Install Plugins
+        env:
+          APP_ENV: 'prod'
+          DATABASE_URL: postgres://postgres:password@127.0.0.1:5432/eccube_db
+          DATABASE_SERVER_VERSION: 11
+        run: |
+          bin/console eccube:composer:require "ec-cube/recommend4"
+          bin/console eccube:composer:require "ec-cube/coupon4"
+          bin/console eccube:composer:require "ec-cube/mailmagazine4"
+          bin/console eccube:composer:require "ec-cube/salesreport4"
+          bin/console eccube:composer:require "ec-cube/relatedproduct4"
+          bin/console eccube:composer:require "ec-cube/securitychecker4"
+          bin/console eccube:composer:require "ec-cube/productreview4"
+          bin/console eccube:composer:require "ec-cube/api"
+          bin/console eccube:composer:require "ec-cube/sitekit"
+          bin/console eccube:composer:require "ec-cube/gmc"
+
+      - name: Pre Install Plugins
+        env:
+          PGPASSWORD: 'password'
+        run: psql eccube_db -h 127.0.0.1 -U postgres -c "select id,name,code,0 as enabled,version,source,0 as initialized,'2021-08-13 00:00:00' as create_date,'2021-08-13 00:00:00' as update_date,discriminator_type from dtb_plugin;" -A -F, --pset footer > src/Eccube/Resource/doctrine/import_csv/ja/dtb_plugin.csv
+
+      - name: Packaging
+        working-directory: ../
+        run: ${{ github.event.repository.name }}/package.sh
+
+      - name: Build Container
+        run: docker build -t ec-cube --build-arg SKIP_INSTALL_SCRIPT_ON_DOCKER_BUILD=true .
+
+      - name: Container Run
+        run: |
+          docker run -e APP_ENV=prod -e APP_DEBUG=0 -e DATABASE_URL="sqlite:///var/eccube.db" -e DATABASE_SERVER_VERSION=3 --rm -d -p 8080:80 --name eccube ec-cube
+          docker cp ../eccube.tar.gz eccube:/tmp/
+          docker exec -w /tmp eccube bash -c "rm -rf /var/www/html; tar xf /tmp/eccube.tar.gz -C /var/www; mv /var/www/ec-cube /var/www/html; chown -R www-data: /var/www/html"
+          docker exec -u www-data eccube bin/console eccube:install -n
+          docker exec -u www-data eccube bash -c 'for code in Api Coupon4 GMC MailMagazine4 ProductReview4 Recommend4 RelatedProduct4 SalesReport4 Securitychecker4 SiteKit; do bin/console eccube:plugin:enable --code $code; done'
+
+      - name: setup-chromedriver
+        uses: nanasess/setup-chromedriver@master
+
+      - name: Prepare test
+        run: |
+          export DISPLAY=:99
+          chromedriver --url-base=/wd/hub &
+          echo ">>> Started chrome-driver"
+          sudo Xvfb -ac :99 -screen 0 1280x1024x24 > /dev/null 2>&1 &
+          echo ">>> Started xvfb"
+          composer install --no-scripts --no-interaction --optimize-autoloader
+          echo "modules:
+              enabled:
+              - REST:
+                  depends: PhpBrowser
+                  url: 'http://127.0.0.1:8080'
+              config:
+                  WebDriver:
+                      host: '127.0.0.1'
+                      port: 9515
+                      url: 'http://127.0.0.1:8080'" > codeception/_envs/local.yml
+
+      - name: Run tests
+        env:
+          APP_ENV: 'codeception'
+          DATABASE_URL: postgres://postgres:password@127.0.0.1:5432/eccube_db
+          DATABASE_SERVER_VERSION: 11
+        run: |
+          vendor/bin/codecept -vvv run acceptance --env chrome,local CL01DenyCest
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -80,47 +80,7 @@ jobs:
         working-directory: ../
         env:
           TAG_NAME: ${{ github.event.release.tag_name }}
-          REPOSITORY_NAME: ${{ github.event.repository.name }}
-          PATH_NAME: eccube-${{ github.event.release.tag_name }}
-        run: |
-          rm -rf $GITHUB_WORKSPACE/.editorconfig
-          rm -rf $GITHUB_WORKSPACE/.gitignore
-          rm -rf $GITHUB_WORKSPACE/.buildpath
-          rm -rf $GITHUB_WORKSPACE/.gitmodules
-          rm -rf $GITHUB_WORKSPACE/.php_cs.dist
-          rm -rf $GITHUB_WORKSPACE/phpunit.xml.dist
-          rm -rf $GITHUB_WORKSPACE/phpstan.neon.dist
-          rm -rf $GITHUB_WORKSPACE/app.json
-          rm -rf $GITHUB_WORKSPACE/Procfile
-          rm -rf $GITHUB_WORKSPACE/LICENSE.txt
-          rm -rf $GITHUB_WORKSPACE/README.md
-          rm -rf $GITHUB_WORKSPACE/codeception.yml
-          rm -rf $GITHUB_WORKSPACE/var/*
-          rm -rf $GITHUB_WORKSPACE/.env
-          rm -rf $GITHUB_WORKSPACE/codeception
-          rm -rf $GITHUB_WORKSPACE/tests
-          rm -rf $GITHUB_WORKSPACE/.github
-          rm -rf $GITHUB_WORKSPACE/zap
-          rm -rf $GITHUB_WORKSPACE/docker-compose.owaspzap.yml
-          find $GITHUB_WORKSPACE -name "dummy" -print0 | xargs -0 rm -rf
-          find $GITHUB_WORKSPACE -name ".git*" -and ! -name ".gitkeep" -print0 | xargs -0 rm -rf
-          find $GITHUB_WORKSPACE -name ".git*" -type d -print0 | xargs -0 rm -rf
-
-          echo "set permissions..."
-          chmod -R o+w $GITHUB_WORKSPACE
-
-          echo "complession files..."
-          mv $REPOSITORY_NAME $PATH_NAME
-          tar czfp eccube-$TAG_NAME.tar.gz $PATH_NAME
-          zip -ry eccube-$TAG_NAME.zip $PATH_NAME 1> /dev/null
-          md5sum eccube-$TAG_NAME.tar.gz | awk '{ print $1 }' > eccube-$TAG_NAME.tar.gz.checksum.md5
-          md5sum eccube-$TAG_NAME.zip | awk '{ print $1 }' > eccube-$TAG_NAME.zip.checksum.md5
-          sha1sum eccube-$TAG_NAME.tar.gz | awk '{ print $1 }' > eccube-$TAG_NAME.tar.gz.checksum.sha1
-          sha1sum eccube-$TAG_NAME.zip | awk '{ print $1 }' > eccube-$TAG_NAME.zip.checksum.sha1
-          sha256sum eccube-$TAG_NAME.tar.gz | awk '{ print $1 }' > eccube-$TAG_NAME.tar.gz.checksum.sha256
-          sha256sum eccube-$TAG_NAME.zip | awk '{ print $1 }' > eccube-$TAG_NAME.zip.checksum.sha256
-          mv $PATH_NAME $REPOSITORY_NAME
-          ls -al
+        run: ${{ github.event.repository.name }}/package.sh
 
       - name: Upload binaries to release of TGZ
         uses: svenstaro/upload-release-action@v1-release

diff --git a/codeception/acceptance/CL01DenyCest.php b/codeception/acceptance/CL01DenyCest.php
@@ -0,0 +1,30 @@
+<?php
+
+/*
+ * This file is part of EC-CUBE
+ *
+ * Copyright(c) EC-CUBE CO.,LTD. All Rights Reserved.
+ *
+ * http://www.ec-cube.co.jp/
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+use \Codeception\Example;
+
+class CL01DenyCest
+{
+    /**
+     * @example { "title": "varが公開されていないか", "file": "var/cache/prod/annotations.map" }
+     * @example { "title": ".envが公開されていないか", "file": ".env"}
+     * @example { "title": "vendorが公開されていないか", "file": "vendor/symfony/config/README.md"}
+     * @example { "title": "codeceptionが公開されていないか", "file": "codeception/acceptance/config.ini"}
+     */
+    public function denyFiles(AcceptanceTester $I, Example $data)
+    {
+        $I->wantTo($data['title']);
+        $I->sendGet($data['file']);
+        $I->seeResponseCodeIs(403);
+    }
+}
diff --git a/composer.json b/composer.json
@@ -112,6 +112,8 @@
         "captbaritone/mailcatcher-codeception-module": "^1.2",
         "codeception/codeception": "^4.1",
         "codeception/module-asserts": "^1.3",
+        "codeception/module-phpbrowser": "^1.0",
+        "codeception/module-rest": "^1.3",
         "codeception/module-webdriver": "^1.2",
         "dama/doctrine-test-bundle": "^5.0",
         "fzaninotto/faker": "^1.7",